Have you noticed the “Not Secure” label next to your website’s URL in browsers such as Chrome and Firefox? Don’t panic! It doesn’t mean that your site is dangerous to site visitors. It’s actually the browsers’ way of forcing HTTPS adoption on all websites. It used to be that HTTPS was considered necessary only if your site handled credit card information or similarly sensitive data. Nowadays, more and more website owners (myself included) are moving our sites to HTTPS even though it is not essential. Today, I will explain what HTTPS is, the advantages of using HTTPS, and how to manually migrate a WordPress site to HTTPS.
Advantages of HTTPS
HTTPS (Hypertext Transfer Protocol Secure) uses an SSL certificate to establish a secure connection between browser and server. As a result, any information that is exchanged gets encrypted, so the plain text is replaced by what looks like random numbers and letters to anyone intercepting it. Here are some advantages of having HTTPS on your site:
- Increased Security: Without HTTPS, it is possible for third parties to alter the data your visitors receive (e.g. adding ads, malware, etc.). HTTPS prevents that from happening and has the added benefit of making your WordPress login pages more secure by encrypting the login information that gets passed to the server.
- Search Engine Optimization (SEO) Benefits: Google has started using HTTPS as a factor in its ranking. HTTPS is significantly faster than HTTP, and page loading speed is another important factor in search engine ranking.
Migrate a WordPress site to HTTPS
When you migrate a WordPress site to HTTPS, you have the option of using a plugin such as Really Simple SSL or taking a manual approach. The instructions below describe the manual method I’ve used to migrate a WordPress site from HTTP to HTTPS. Prior to moving the site, you will need to obtain an SSL certificate (often through your hosting company) and ask your SSL certificate provider to install the certificate for you. It’s a good idea to back up your site before making any changes to your website.
Instructions for Migrating a WordPress site to HTTPS Manually
- Modify wp-config.php: Add define('FORCE_SSL_ADMIN', true); to wp-config.php somewhere before the line “That’s all, stop editing.” Type the quotes around FORCE_SSL_ADMIN as plain straight quotes, not curly ones. The wp-config.php file is located in the root directory of your site on the server. Try to access your login page with HTTPS in the URL afterward to ensure you have a secure connection.
- Update WordPress settings: Add “https://” to the beginning of both the WordPress address and site address in Settings > General and save the changes. You will be asked to log in again afterward.
- Update links in your content, templates, and database that contain the old HTTP: You can do this manually or use a plugin such as Better Search and Replace. You may want to change your links to // instead of https://. These protocol-relative links then load over whichever scheme the page itself was loaded with.
- Implement 301 redirect in .htaccess in your WordPress root directory: By default, the .htaccess file is invisible so you will need to allow your FTP (File Transfer Protocol) client to show hidden files. If you don’t already have the file in your WordPress root directory, create a plain text file named .htaccess and upload it to the server. The following code needs to be added to .htaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Use a tool such as SSL Test: The tool will provide you with an overall score of how well you’ve implemented the SSL certificate on your site and find potential issues that need to be addressed.
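A post-migration check for the link-update and 301-redirect steps above, added here as an example and not part of the original post: it scans page HTML for references still pinned to http:// and checks that a redirect response matches what the .htaccess rule should produce. The function names, the example.com host and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Attributes whose URL the browser loads as part of the page (mixed content if http://).
FETCHED = {"img": ("src", "srcset"), "script": ("src",), "iframe": ("src",), "link": ("href",)}

class LeftoverHttpFinder(HTMLParser):
    """Collects (kind, tag, url) for every reference still pinned to http://."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings = site_host.lower(), []

    def handle_starttag(self, tag, attrs):
        fetched = FETCHED.get(tag, ())
        rel = (dict(attrs).get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            fetched = ()  # e.g. rel=canonical is a plain link, not a loaded resource
        for name, value in attrs:
            # srcset lists "url descriptor" candidates (assumes no commas inside the URLs)
            cands = (value or "").split(",") if name == "srcset" else [value or ""]
            for url in (c.split()[0] for c in cands if c.strip()):
                try:
                    parts = urlsplit(url)
                except ValueError:
                    continue  # not a parseable URL
                if parts.scheme.lower() != "http":
                    continue  # https://, //host/path and relative paths are fine
                if name in fetched:
                    self.findings.append(("mixed-content", tag, url))
                elif name == "href" and parts.hostname == self.site_host:
                    self.findings.append(("internal-link", tag, url))

def find_leftover_http(html, site_host):
    finder = LeftoverHttpFinder(site_host)
    finder.feed(html)
    return finder.findings

def redirect_ok(status, location, requested_url):
    """True if an http:// request got a 301 to the same host, path and query on https://."""
    req, loc = urlsplit(requested_url), urlsplit(location or "")
    return (status == 301 and loc.scheme == "https" and loc.netloc.lower() == req.netloc.lower()
            and (loc.path or "/") == (req.path or "/") and loc.query == req.query)
# Constructed sample page for the placeholder host example.com (not from a real site).
SAMPLE_HTML = """
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<link rel="canonical" href="http://example.com/post/">
<img src="//example.com/a.png" srcset="https://example.com/a-2x.png 2x, http://example.com/a-3x.png 3x">
<script src="https://cdn.example.net/lib.js"></script>
<a href="http://other.example.org/">External</a>
"""
```

Calling find_leftover_http(SAMPLE_HTML, "example.com") reports the stylesheet and the srcset candidate as mixed content and the canonical link as an internal link to update, while the protocol-relative, HTTPS and external references are left alone.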
HTTP to HTTPS migration is becoming a common task that web developers have to deal with. Therefore, it is essential to have a good understanding of the process involved in migrating a site to HTTPS.